Sunday, July 12, 2015

Summer’s On! Super Sysadmin Linkfest

Little Bro and I just wrapped up some Saturn Ion A/C system repairs in the driveway. Got the chill winds blowing in the cabin again. So with that resolved, time looks available for a summer’s on, super sysadmin linkfest dump to cover all the bases. (And expect another Shade-tree Saturn Ion Mechanic tip post very soon, too.)

It is simple to use, hasn’t caused me any issue with the default security level settings, and gives me the comfort of having an additional layer of protection against ransomware threats. The free version works nicely on our home systems.

The app mentioned was Freemake Video Converter. It is clearly stated in the post and in the comments that the application comes bundled with OpenCandy, which may be tricky to decline during installation. A comment in the thread recommended running the installer from the command line with the “/nocandy” switch. I tried that and it seemed to work. When you download the installer off the product web-site it is just a “stub downloader” which then fetches and installs the “full” package. In my case it was:

C:\Users\<PROFILEID>\Downloads\FreeVideoToDVDConverter.exe /nocandy

A follow-up scan with Malwarebytes Anti-Malware came back clean (…well, except where it found it embedded in the full app download package placed in the TEMP folder), and it always detects OpenCandy in installer packs (based on my personal experiences).

So here is a fourth option worth considering if you need a free utility to burn various video files into a single DVD compilation.

I’m a hard-core user of the free KeePass Password Safe & MiniKeePass (iOS) utility. That said, I have to confess that it is very challenging keeping the core database synced between mine and Lavie’s various iDevices and laptops. Add to that the fact that the master password database file is a hot target for hacking, with all the keys to the kingdom, and I’m sincerely open to a new model for complex/random password management. And at work KeePass (and all password managers) are not approved software, so I have to do a super-kludgy solution using a BitLocker volume file.

Master Password – project page. Thanks to the TinyApps blogger I’m now very intrigued and will likely be seeing if I can incorporate this into my routine. There is lots of documentation available (both on TinyApps’ post and on the project page) and it is all very human-readable. The desktop version is a Java app, so there is that “issue” if you are on Windows and have stripped Java from your system, though I guess you could go with jPortable and the jPortable Launcher from portable apps as a compromise. The developer also has a beta version of a Web app that could work.

TraceWrangler – Jasper Bongertz’s awesome tool for sanitizing and anonymizing trace files was updated a while back to beta build 0.4.0 build 616 in x32/x64 flavors. ChangeLog. Sadly, I don’t (yet) do the twitter so there doesn’t seem to be an RSS alternative to watching for update releases without stopping by for a visit from time to time. Update! Jasper Bongertz has kindly now updated the project page to include an RSS feed! Awesome and many thanks! See also these recent posts by Jasper:

Desktops – Sysinternals – This free portable app allows you to spawn up to four virtual desktop sessions under your Windows account. That’s an old feature for most *Nix users and is getting added into Windows 10. But with this single file you can bring it to your Windows desktop OS right now.

SterJo NetStalker – SterJo Software – This is an interesting app. I particularly like that it comes in a portable version. As noted in the gHacks post, it is very similar (but with some differences) to Nir Sofer’s CurrPorts utility.

At the church-house we run a program called Shelby Systems. It is a client/server based model and though most all of the systems have the client software on them, only one user in particular is constantly having issues connecting to the server unless we shut down the (Windows) server’s firewall, allow the client communication to establish, then turn on the firewall again. So it looks like the server firewall has some not-yet-located firewall rule in play that is not set correctly. I’m hoping that this and/or CurrPorts can help us hone in on the specific issue. If I do solve it, I’ll post a troubleshooting guide.

So McAfee’s standalone Stinger AV tool is/has-been/was a great tool to run in an attempt to scan a system for specific threats and attempt to neutralize/remove them. It is updated often with new definition patterns and has been a long-time tool in the GSD infection response toolkit.

However, a while back an uproar occurred when it was found that a new version upgrade with enhanced features left a running/persistent McAfee service (the 'McAfee Validation Trust Protection Service' mfevtps.exe) on your system afterward, even when the binary was removed, and with no clear way to remove it.

What I didn’t see in the aftermath, though, were any notices that McAfee had reported that the persistent service module everyone was hollering about was due to a bug in the application. It was quickly fixed and now Stinger behaves the way it used to, fully cleaning itself up after a run.

The McAfee Validation Trust Protection Service is needed for Stinger to perform rootkit scanning of a system. This service is temporarily installed during a Stinger scan and is removed once the rootkit scanning portion is completed.

In a recent update to the Stinger's rootkit scanning engine, an issue was found where it wasn't getting uninstalled in certain conditions. We've fixed that in last week's release. The latest Stinger available for download should not leave behind any components post a scan.
